From Apple Pay to Car Pay: The Future of Digital Payments Security

Credit card being processed

Following the recently mandated implementation of EMV chips in debit and credit cards, criminals and financial institutions have desperately raced to adjust to the new digital payments environment. And while it’s true that EMV has proven effective against point-of-sale fraud, card-not-present (CNP) fraud is becoming a favorite of hackers hoping to gain access to consumers’ personal financial data.

As a direct result of this security concern, tokenization has emerged as the answer, one that is reshaping the foundation of the digital payments landscape.


What is Tokenization?

Tokenization is the process of replacing sensitive card data with unique identification symbols, or tokens, which retain all the essential information about the data without compromising its security. The vital part of this process is ensuring a consumer’s card credentials are untraceable by replacing the card number with a unique token.

This token acts as an encrypted dynamic transaction number, keeping the valuable account data secret from both the merchant and anyone who manages to steal the tokenized data.

Tokenization is especially useful in battling CNP fraud left vulnerable by EMV protections. Most consumers who pay bills electronically, frequently shop online, or use Apple Pay, Samsung Pay or Android Pay are already familiar with CNP transactions. Here, EMV is less effective, since there is no physical reader to ensure the chip credentials are valid. By using a token, e-retailers provide the same level of protection that EMV provides, with the encrypted token preventing criminals from accessing personal financial data.


How It Works: Step-by-Step

The most important aspect of tokenization is eliminating the static card number, CVV and expiration date from the transaction by replacing it with a temporary token. This token data is useless to criminals.


Payments with Cars and Fridges and Toilets, Oh My!

Hold on there, Dorothy! We may have exaggerated that last one a bit. However, with the security that tokenization provides, the possibilities do seem endless.

Tokenization is a major driving force behind the future commercialization of the Internet of Things (IoT). IoT is expanding at a rapid pace, and will soon allow consumers to shop directly from their Smart TVs, refrigerators, and yes, even cars.

Imagine the convenience of paying for gas with your vehicle the second you are done filling up, or the instant you order fast food from a drive thru. If that thought doesn’t excite you, picture ordering groceries straight from your refrigerator.

Essentially, tokenization allows literally any device with Internet access to become a secure online store.


How Can Institutions Implement Tokenization?

Financial institutions that utilize this method of fraud protection can ensure their customers’ data security, even when completing CNP transactions. Fraudsters are relentless, but if obtaining valuable personal information becomes too costly, criminals will seek other schemes.

To get on board with tokenization, banks must set up their cards in their network’s token vault, and enroll in the three digital wallets that utilize the card network rails: Apple Pay, Samsung Pay and Android Pay. Ideally, a bank’s  card processor will act as its partner during enrollment by completing agreements with MasterCard and Visa as well as managing its addendums with the digital wallet providers.

Without that kind of help, banks that go it alone—at least in the beginning—face a significant learning curve, with implementation possibly taking more than a year. Hence, it’s accurate to say that bank adoption will directly correlate to the level of support they receive, at a relatively low cost, from their issuer processors.

In his role, Matt Herren has employed advanced analytics and data analysis to not only react to fraud, but also to prevent it. As the product manager for Payment Analytics, Matt has expanded CSI’s ability to address fraud through early identification of merchant breaches and fraudulent testing techniques. His work helps to increase bank profitability through fraud mitigation and card portfolio analysis, allowing customers to realize industry-leading results and maximize program performance.